Is it at all possible for a trained eye to be able to determine which cryptographic hash function is used to hash users passwords in a database table for a specific application. We have an application that doesn’t use oracles default authentication so the application user hashes aren’t stored within $sys.users, they are in a random table specific to the application. My question is, if you can see the hashes in that table, could you tell which hash function hashed them? Or is there a tool to feed the hash into and for it to tell you which hash function hashed these passwords? Its hard to identify a tool to run dictionary password tests over if you don’t know what hash function is used.

Thanks for the reply. Is there anyway to use that tool "outside" of the backtrack framework tool? Would you need to export the hashes first, how does the process work, how are the hashes "fed in" to the tool? Please excuse my ignorance as I'm new to this.